Описание
CSRF vulnerability in Amazon EC2 Plugin
Amazon EC2 Plugin 1.50.1 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities. This allows an attacker to provision instances with an attacker-specified template ID.
Amazon EC2 Plugin 1.50.2 now requires POST requests for the affected HTTP endpoints.
Пакеты
Наименование
org.jenkins-ci.plugins:ec2
maven
Затронутые версииВерсия исправления
<= 1.50.1
1.50.2
Связанные уязвимости
CVSS3: 4.3
nvd
почти 6 лет назад
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.